Use -buildmode=pie (position independence executable) #24323
Assignees
Labels
Team:Automation
Label for the Observability productivity team
Team:Elastic-Agent
Label for the Agent team
Team:Observability
Comments
botelastic
bot
added
the
needs_team
botelastic
bot
removed
the
needs_team
|
Pinging @elastic/agent (Team:Agent) |
This was referenced Mar 16, 2021
|
Its possible that golang 1.15 already adds ASLR support by default. @urso offered to double check |
2 tasks
|
Checking the release notes, it seems position independent code is enabled by default for Windows and Linux targets. Anyways, I made the buildmode=pie more explicit for platforms that support this feature (including AIX and macOS) in #24964. Let's see what our build environment thinks about it. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the enhancement:
Add a buildmode flag to enable our Go binaries to support ASLR. This should be included in Elastic Agent, Beats and Fleet Server.
A few years ago Golang added support for -buildmode=pie. This enables Go binaries to take advantage of ASLR and helps us mitigate the potential for someone to create a reliable exploit if we one day discover a vulnerability. There are a few resources online to learn more about why ASLR is important, like this blog.
I noticed a few other Go projects have successfully added this, like Cloud Foundry's go-buildpack.
The text was updated successfully, but these errors were encountered: